Posted to users@spamassassin.apache.org by Ross Boylan <ro...@biostat.ucsf.edu> on 2006/07/01 05:08:36 UTC

Re: trusted_networks confusion--simple case (clarification)

To clear up an ambiguity in my original:
On Fri, 2006-06-30 at 19:19 -0700, Ross Boylan wrote:
> Does a machine that is not part of my domain qualify as a client?
> Suppose my MTA is contacted by a dial-up IP for somewhere.com (not my
> domain), and that I do want to accept such mail.  
The human client sending the mail works for somewhere.com, not my
organization.  I'm not talking about the case of a roaming user who
really is in my domain.  The mail is external in all senses; I just want
to accept it for the same reason I accept email from anywhere on the
internet.  They could be a spammer.
> Does that count as
> "directly accepting mail from client IPs that you WANT to accept mail
> from"?  If it does, then the "internal only if it's not ...." test
> says the machine is not internal.

This was all in the context of discussing this passage:
>> [Ross] I thought it was internal only if I was sure it wasn't
>> accepting mail from questionable IPs, and I'm not.
> [Daryl] No.  Internal only if it's not directly accepting mail from
> client IPs that you WANT to accept mail from.  MXes and everything
> (internal relays) after them are ALWAYS in both trusted and internal
> networks.

Sorry for the chatter.


Re: trusted_networks confusion--simple case (clarification)

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 6/30/2006 11:08 PM, Ross Boylan wrote:
> To clear up an ambiguity in my original:
> On Fri, 2006-06-30 at 19:19 -0700, Ross Boylan wrote:
> 
>>Does a machine that is not part of my domain qualify as a client?
>>Suppose my MTA is contacted by a dial-up IP for somewhere.com (not my
>>domain), and that I do want to accept such mail.  
> 
> The human client sending the mail works for somewhere.com, not my
> organization.  I'm not talking about the case of a roaming user who
> really is in my domain.  The mail is external in all senses; I just want
> to accept it for the same reason I accept email from anywhere on the
> internet.  They could be a spammer.

Anyone from somewhere.com sending mail directly to your MXes is taking 
their chances with being looked up in DNSBLs.  Anyone trying to do so 
these days should be well aware of that.  Telling SA that the MX is 
internal tells it to look up these people, who may be spammers as you 
said, in DNSBLs.

As Matt Kettler best said in a post tonight, internal hosts aren't 
*intended* to have mail sent directly to them from humans at 
somewhere.com.  They should really use their own MSA.


Daryl
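
Added example, not part of either post and not SpamAssassin's own code: a simplified model of the point made in the reply above, that listing the MX in internal_networks is what makes the directly connecting client the address looked up in DNSBLs. The host names, IP addresses and function names are constructed for illustration, and the model only handles explicitly listed networks (it ignores what SpamAssassin infers when the settings are left unset).

```python
# Simplified model (an assumption, not SpamAssassin source) of how
# internal_networks decides which relay address gets the DNSBL lookup.
import ipaddress
import re

# Constructed sample, newest header first: a dial-up client at somewhere.com
# delivers straight to the MX, which hands the message to an internal store.
RECEIVED = [
    "from mx.example.org (mx.example.org [192.0.2.10]) by store.example.org",
    "from dialup-57.somewhere.com (dialup-57.somewhere.com [203.0.113.57])"
    " by mx.example.org",
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the connecting IP recorded in each Received header, in order."""
    ips = []
    for header in received_headers:
        match = IP_IN_BRACKETS.search(header)
        if match is None:
            break  # unparseable hop: nothing beyond it can be relied on
        ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def last_external(received_headers, internal_networks):
    """Return the first relay, newest to oldest, outside internal_networks.

    That relay handed the mail across the boundary, so it is the address a
    "last external" DNSBL rule would query. None means every hop was internal.
    """
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    for ip in relay_ips(received_headers):
        if not any(ip in net for net in nets):
            return str(ip)
    return None


if __name__ == "__main__":
    # MX listed as internal: the dial-up client is the address looked up.
    print(last_external(RECEIVED, ["192.0.2.10/32"]))
    # MX not listed: the walk stops at the MX and the client is never reached.
    print(last_external(RECEIVED, []))
```

With the MX listed, the lookup lands on the dial-up client; with it omitted, the MX's own address is treated as the boundary and the client behind it is not the one checked.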